We have recently purchased ATP and are in the middle of configuring it alongside our SEP 12.1.8 environment. One of the features with ATP is the ability to isolate and quarantine a machine if it shows up as infected. This hasn’t worked to date and a bit of research shows it needs to be linked to a HI script and a Quarantine firewall policy. The Firewall policy and the link to the OU policy we believe are set up correctly.
Where I am having an issue is generating the script that comes inside the HI policy. There is no predefined script created by SEP. The only option I see is to create a custom script with the “if, Then” script and select “Antivirus: Check not infected”. However, with this there is no option under the “If” to state: if infected, take action A; if not infected, take action B.
Perhaps someone has already configured this link between ATP and SEP who could share the HI policy or let me know the steps to take here.
https://support.symantec.com/en_US/article.HOWTO125535.html – this is the article I am working off at the moment.